‼ CVE-2021-38979 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.
‼ CVE-2021-30216 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.
‼ CVE-2021-42954 ‼
via "National Vulnerability Database".
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
‼ CVE-2021-26338 ‼
via "National Vulnerability Database".
Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.
‼ CVE-2021-43048 ‼
via "National Vulnerability Database".
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
‼ CVE-2021-42706 ‼
via "National Vulnerability Database".
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer.
‼ CVE-2020-12920 ‼
via "National Vulnerability Database".
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.
‼ CVE-2020-12894 ‼
via "National Vulnerability Database".
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
‼ CVE-2021-38949 ‼
via "National Vulnerability Database".
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
‼ CVE-2021-42375 ‼
via "National Vulnerability Database".
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
‼ CVE-2021-38977 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.
‼ CVE-2021-24850 ‼
via "National Vulnerability Database".
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields.
‼ CVE-2020-21639 ‼
via "National Vulnerability Database".
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
‼ CVE-2020-12960 ‼
via "National Vulnerability Database".
AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
‼ CVE-2021-43011 ‼
via "National Vulnerability Database".
Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
‼ CVE-2020-12899 ‼
via "National Vulnerability Database".
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
‼ CVE-2021-42726 ‼
via "National Vulnerability Database".
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
‼ CVE-2021-24787 ‼
via "National Vulnerability Database".
The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2020-21627 ‼
via "National Vulnerability Database".
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
‼ CVE-2021-24847 ‼
via "National Vulnerability Database".
The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading to an SQL injection when the redirection plugin is also installed.
‼ CVE-2021-3939 ‼
via "National Vulnerability Database".
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.